I have tried to make use of the new NPM registry that's now part of the free GitLab edition. I am attempting to create a NPM package and publish it on our company's GitLab instance. When attempting to run npm publish, the process exits with the error:

npm ERR! code E404
npm ERR! 404 Not Found - PUT https://gitlab.myemployer.com/api/v4/projects/1873/packages/npm/@sqt-klu%2fodysseus-nn-core
npm ERR! 404
npm ERR! 404  '@sqt-klu/[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

This problem appears when run through GitLab CI/CD as well as through the local command line.

For reference, our internal GitLab's URL is gitlab.myemployer.com/sqt-klu/odysseus/nn-core. As such, I presume @sqt-klu is the scope GitLab wants.

The CI/CD file (and what I have been trying to replicate locally) does this before npm publish during the before_script phase:

    - npm config set @sqt-klu:registry https://gitlab.myemployer.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
    - npm config set https://gitlab.myemployer.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken ${CI_JOB_TOKEN}

Locally, my user-level npmrc is as following (actual token is removed but it is a personal access token that has been assigned all possible scopes):

audit-level=high
python=c:\Python27\python.exe
https://gitlab.myemployer.com/api/v4/projects/1873/packages/npm/:_authToken=redacted
@sqt-klu:registry=https://gitlab.myemployer.com/api/v4/projects/1873/packages/npm/

And if it's relevant, here are the crucial contents of package.json (I've omitted contributors, dependencies, devDependencies, engine and author in this excerpt):

{
  "name": "@sqt-klu/odysseus-nn-core",
  "version": "0.0.1",
  "license": "UNLICENSED",
  "publishConfig": {
    "@sqt-klu:registry":"https://gitlab.myemployer.com/api/v4/projects/1873/packages/npm/"
  }
}

I have also tried a few different package names as per this official guide, to no avail.

I feel like I am missing something very trivial, but I am stuck on this. Any helpful pointers or ideas are appreciated.

Note: I have replaced the FQDN of the endpoint in all mentions in case my employer gets grumpy about this.

404 errors can, confusingly perhaps, refer to problems with credentials in this situation.

You should replace

https://gitlab.myemployer.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken

with:

//gitlab.myemployer.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken

All other settings look okay* and should work. By default, a Gitlab project should have the package repository feature enabled. You can en/disable it in the project settings.

* you could reduce the scope of your personal access token to just api.
When/if you use project-level or org/group-level deploy tokens, they only need read_package_registry and/or write_package_registry.

In my case, I had a similar issue and this question helped me to understand the problem.

• Check package.json and the publishConfig setting. As it's shown in question, the format is @company:registy. At first I missundertand and I thought "registry" was meening it's name. But its literally 'registry'.

Hope it's helpful for someone!

Hopefully somebody else can benefit from the half-hour I just spent pounding my head against this. See if you can spot the difference:

//your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken "${NPM_TOKEN}"

//your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken="${NPM_TOKEN}"

If you guessed that the second line lets you publish your package successfully, while the first one is totally ignored by NPM... you're right!